package v1

import (
	"net/http"
	"strings"

	"github.com/tungyao/cedar"
)

func Csrf(w http.ResponseWriter, r *http.Request, co *cedar.Core) bool {
	if r.Method == "POST" {
		_csrf := str(co.Session.Get("_csrf").([]byte))
		if strings.EqualFold(r.FormValue("_csrf"), _csrf) {
			return true
		}
		if strings.EqualFold(r.Header.Get("_csrf"), _csrf) {
			return true
		}
	}
	co.Json().Error("access defined")
	return false
}
